Grouper Developers Forum

[Emily Eisbruch <>]

Notes and Action Items: Grouper Call of  Wed. 13-Jan-2016  

Attending: Chris Hyzer, Shilen Patel, Misagh Moayyed, Bert Bee-Lindren, Tom Barton, Emily Eisbruch

New Action Items from Jan 13, 2016 call

[AI] (Chris) will provide Shilen with hibernate mapping example

[AI] (Chris) make a JIRA about renaming of Loader to Daemon and share it with the list

[AI] (Bert) email DaveL to clarify the conflict handling issue in Post PSP Provisioning wiki

.[AI] Shilen look at GrouperKimModule and make it compile with attributes/types

[AI] ( Misagh) look on Grouper wiki for Java doc links and change them to grouper.io

[AI] (Shilen) create a wiki documenting the Loader work - not done yet

 

Review AIs from previous call

[AI] (Shilen) create a wiki documenting the Loader work - not done yet

[AI] Chris will work on Security Configuration issue (done)

[AI} (Emily) tell Dean we’d like Grouper IAM Online in  July 2016 (done)

[AI] ( Emily ) submit request for a Grouper BOF at Global Summit (done)

 

Discussion

Current work tasks

see Roadmap 

Chris: GSH export/import, Messaging changelog consumer

issue around attributes

loader jobs, editing attributes

this work enables  specifying a folder and a filename for exporting to GSH

  allows one to “give this subject same permissions as other subject”

Bert asks about the change log consumer.. Chris says it it not quite ready yet

Chris send bert email on using messaging

1.       https://spaces.internet2.edu/display/Grouper/Grouper+messaging+built+in

Shilen: Loader, Hibernate?  Other?

Shilen says most of the Hibernate work is done and things are working

some tests are broken, but this does not seems to be due to hibernate issues

Shilen has not worked on the Loader recently. Will get back to the Loader work

Shilen fixed the quartz tables (prefixed table names with ‘grouper’)

got MSQL to work without creating temp tables in background

how to put queries into code using hibernate mapping?

Chris will provide Shilen with and example

[AI] (Chris) will provide Shilen with hibernate mapping example 

Bert: should we rename the Loader to Grouper Daemon?

Chris: Q: would we rename the java project?

A: we could just clarify in documentation

Shilen: agree, we should call it Grouper Daemon

The upgrade could rename the config file

can’t support both config file names due to the way the config overlay works

[AI] (Chris) make a JIRA about renaming of Loader to Daemon and share it with the list

PSP NG (Bert)

Chris: should we do a new config file for PSP?

Bert: yes

Bert will create a project under PSP

In the future there could be a lot of destinations

For now we are focusing on 3 LDAP targets

Misagh: follow the Grouper Misc project

make Grouper.psp under main directory and have sub projects under that

Grouper.psp/grouper-psp-ldap/

Grouper.psp/grouper-psp-core

Need configuration code examples:

 

*LDAP Pool setup, reusing as much information as possible from sources.xml or elsewhere

*Provisioner config: Implementing an overlay-based config providing the following information:

-LDAP-Pool info

-Destination Type (Active Directory Groups, LDAP Groups, LDAP Account Attributes)

-Destination Details (OU, Group-creation template, group layout, nested or flattened groups, attribute-values, etc)

-Subject-finding - Groups and Non-Groups (Search Base/search filter or GeneratedDn)

Questions:

 

*Given overlaid configurations, should we have defaults in Code or in an OOTB overlay paragraph. For instance, should the Active-Directory-Group provisioner class have attribute-value paging enabled or should that be enabled only in an active-directory overlay?

Chris: put everything that can be configured in the base properties file.

*From https://spaces.internet2.edu/display/Grouper/Post+PSP+Provisioning#PostPSPProvisioning-FirstImplementations

What conflicts need to be handled by Conflict Handling?

could be conflict when provisioner thinks one thing and destination things another.

[AI] (Bert) email DaveL to clarify the conflict handling issue in Post PSP Provisioning wiki

*How does incremental provisioning protect from >N% removals?

Tom: something can go wrong upstream. Might want sanity check of the loader. Would be good to throw a flag up so if it’s a problem, it can be managed.

Bert - at GA Tech , flattened groups are used.

What ends up getting provisioned?

should nested groups in AD be supported or could we just flatten all indirect memberships and put them in the parent group?

Tom: problems supporting a nested structure once it gets deeper

Misagh: queries against nested model are “expensive”

Tom: Flattened membership is different from flat vs bushy

How to handle groups with sub-groups? should those be flattened? [Yes]

hard to make access control decisions with recursion

Bert  - inclined to flatten memberships for provisioning

Chris: use 80 / 20 rule for first release - provision flattened memberships

Then ask the list if next release should offer more options

Have a configured minimum-group-size before safety-net kicked in

Summary:

• Will only offer flattened memberships

• Will offer flat & bush group locations

·    Misagh: Building and packaging

1. https://spaces.internet2.edu/pages/viewpage.action?pageId=87755940

2. Travis is now able to build Grouper via gradle 2.10. All Grouper modules are converted. https://travis-ci.org/Internet2/grouper/builds

3. Javadocs are automatically published: https://internet2.github.io/grouper/ There are lots of failures/errors with Javadocs. Those are ignored for the time being. 

4. Need a fix on the compile issue of the kim module. Something with the old GroupType class.[AI] Shilen look at GrouperKimModule and make it compile with attributes/types

5. Need access to the Settings area of the repository so I can configure automatic snapshots to Sonatype. Contacted tech-support. Already have access to sonatype. Snapshots will be published on every successful build of Travis, which is trigger per every commit to the relevant branch (i.e. master) 

6. All work is published to the gradle branch of the repository. I merge with master periodically.See the travis.yml file on build instructions. Will document on the wiki too.

7. Will be working on the Travis build to auto configure and run tests based on Hyzer’s instructions. 

8. Will be working on WS and UI next to package the wars, etc. 

9. Will likely miss the next Grouper call. Travel.

Should we change the links in the Java docs? 

Should training videos be updated?

[AI] ( Misagh) look on Grouper wiki for Java doc links and change them to grouper.io

Chris suggests using a text editor with search and replace.

·         Vivek: WS
 

 TIER update

·   Packaging Survey questionpro.com/t/AK1buZTO63  

  -survey is due Jan 15, 2016 

Issue roundup

·         Grouper GSH import/export (other tasks?  Clone privileges / memberships of subject?)

·         Grouper/Box 

·         COmanage/SCIM (send messages to WS from grouper change log)

(Benn Oshrin and Chris have been talking about this)

·         Licensing/copyright of contributed work

·         Api log4j locations

·         Grouper ui errors (waiting on logs)

• AWS aurora

Unboundid and apacheds unit Testing - Misagh has some examples to shar

Sample unboundid ldap server:

https://github.com/UniconLabs/unboundid-ldap-server 

 Next Grouper Call: Wed Jan. 27, 2016

Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749